Recovering Memory Access Sequence with Differential Flush+Reload Attack
Side-channel attacks are effective against modern cryptographic schemes: they exploit information that leaks through channels other than the algorithm's input and output. Among cache-based side-channel attacks, Flush+Reload features high resolution, low noise, and compatibility with virtual machines. However, a state-of-the-art Flush+Reload attack reveals only whether a memory address was accessed or not. This paper presents a differential Flush+Reload attack that can recover the access sequence of memory addresses, which could lead to new vulnerabilities. The idea is to analyze the statistical difference among multiple Flush+Reload results. Specifically, we add a controlled delay between the start of the victim's computation and the memory flush. Multiple Flush+Reload results with different delays are measured to determine the memory access sequence. Under this concept, we demonstrate the details of a successful recovery of T-table access sequences for the AES implementation in MatrixSSL version 3.9.3 on an Intel CPU.
Keywords: Side-channel, Cache attack, Differential Flush+Reload, Access sequence
This work was supported by National Natural Science Foundation of China 61602239, Jiangsu Province Natural Science Foundation BK20160808 and JSPS KAKENHI Grant Number JP18H05289.
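The following Python program is an added illustration, not code from the paper, of the differential analysis the abstract describes: a victim's per-line last-access times are modelled by a constructed timeline, noisy Flush+Reload outcomes are simulated for a sweep of flush delays, and the access sequence is recovered by ordering lines by the largest delay at which each still reloads as a hit. The line names, access times, delay grid and noise model are all assumptions.

```python
import random

# Constructed victim timeline (hypothetical times in cycles): the last time the
# victim touches each T-table cache line after its computation starts at t = 0.
# The paper targets MatrixSSL's AES T-tables; these names and times are made up.
ACCESS_TIMES = {"T0[0x40]": 120, "T1[0x80]": 340, "T2[0x00]": 560, "T3[0xC0]": 780}

def simulate_trial(access_times, delay, noise, rng):
    """One differential Flush+Reload trial: the attacker flushes at t = delay
    and reloads once the victim has finished. A line reloads as a cache hit
    only if the victim touched it after the flush; 'noise' is the probability
    that a single measurement is flipped (prefetching, timer jitter, ...)."""
    result = {}
    for line, t_last in access_times.items():
        hit = t_last > delay
        if rng.random() < noise:
            hit = not hit
        result[line] = hit
    return result

def collect_hit_rates(access_times, delays, trials, noise, seed=1):
    """Hit rate of every line at every delay, averaged over 'trials' runs."""
    rng = random.Random(seed)
    rates = {}
    for d in delays:
        counts = dict.fromkeys(access_times, 0)
        for _ in range(trials):
            for line, hit in simulate_trial(access_times, d, noise, rng).items():
                counts[line] += hit
        rates[d] = {line: counts[line] / trials for line in access_times}
    return rates

def last_access_estimate(rates, line, threshold=0.5):
    """Largest delay at which the line still mostly reloads as a hit: the
    victim's final access to it lies just beyond that delay. None means the
    line was already finished before the smallest delay tried."""
    hit_delays = [d for d in rates if rates[d][line] >= threshold]
    return max(hit_delays) if hit_delays else None

def recover_sequence(rates, threshold=0.5):
    """Order lines by estimated last-access time: the recovered access sequence."""
    def key(line):
        est = last_access_estimate(rates, line, threshold)
        return -1 if est is None else est  # never-hit lines come first
    return sorted(next(iter(rates.values())), key=key)

if __name__ == "__main__":
    rates = collect_hit_rates(ACCESS_TIMES, range(0, 1000, 50), trials=40, noise=0.1)
    print(recover_sequence(rates))
```

The statistical averaging is what makes the ordering robust: a single noisy trial can flip any line, but the transition from hit to miss as the delay grows is clear once many trials per delay are pooled.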